Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue.
CVSS Information
N/A
Vulnerability Type
不充分的凭证保护机制
Vulnerability Title
Anchor 安全漏洞
Vulnerability Description
Anchor是一套开源的轻量级博客系统。 Anchore Enterprise anchorectl 0.1.4版本存在安全漏洞,该漏洞源于在生成软件物料清单时不正确地存储了凭证。anchorectl将在anchorectl生成的软件物料清单(SBOM)中添加用于访问Anchore Enterprise API的凭证。0.1.4版的用户应升级到0.1.5版来解决这个问题。
CVSS Information
N/A
Vulnerability Type
N/A